InTrust Knowledge Pack for AIX adds the capability of native (agent based) gathering from and real-time monitoring of the following audit trails on IBM AIX 5L 5.3 and V6 6.1 systems:
CAUTION:
An agent running on an AIX machine catches only the local messages; it does not catch messages redirected from other computers over the network.
The following is a list of issues addressed and enhancements implemented in this release of the Knowledge Pack.
Table 1: Agents installation and uninstallation resolved issues
| Resolved Issue | Issue ID |
|---|---|
| The Uninstall.sh script fails to remove some directories under the agent installation path that are not empty. You will have to manually remove those directories after uninstalling the agent from an AIX system with the Uninstall.sh script. | CR0182113 |
|
The adcscm_package.aix_ppc.sh script displays the following message during the agent installation: ./request: not found This message does not affect the agent installation and is safe to ignore. |
CR0182045 |
The following is a list of issues known to exist at the time of InTrust Knowledge Pack for AIX release.
Table 2: Upgrade known issues
| Known Issue | Issue ID |
|---|---|
| Changes you might have made to predefined objects related to processing AIX machines (like job names and some other parameters) will be lost upon upgrade. It is recommended that you use copies of predefined objects (policies, jobs, etc.), rather than original objects themselves, to customize their parameters as you need. | CR0220429 |
Table 3: Real-time monitoring known issues
| Known Issue | Issue ID |
|---|---|
|
When InTrust monitors an AIX system with a real-time monitoring rule based on the "AIX Text Files Monitoring" data source and aimed at a set of text files, like the "Text file modified" predefined rule, and one of the text files specified for monitoring exceeds 2MB in size, the rule stops processing other files down the list. The confusing event is logged to the InTrust event log on the corresponding InTrust Server computer: Event ID: 8325 Type: Error Source: InTrust Monitoring Engine Operation: Internal Event Computer: host0123 Description: Data source 'AIX Text Files Monitoring' (ID = {8F031B9E-ECB6-4DDF-B63C-9582A629748F}) failed to collect events. Error text: ADC Error: Function not implemented (ADCCanUnloadNow) Avoid monitoring text files that may exceed overgrow 2MB. |
CR0204065, CR0204074 |
|
When InTrust monitors an AIX system with the "Group created" and "User added to the group" real-time monitoring rules at the same time, and the group with users in it is created on that system, only the "Group created" rule generates an alert and the "User added to the group" rule does not. Likewise, when both the "Group removed" and "User removed from the group" real-time monitoring rules apply to an AIX system, and the group with users in it is removed from that system, only the "Group removed" rule generates an alert and the "User removed from the group" rule does not. |
CR0203085 |
InTrust 11.3.2 Knowledge Pack for AIX supports upgrade from Knowledge Pack for AIX 5L for InTrust versions 10.4.1 and later.
CAUTION:
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
